GitHub Universe 2018: Low Key Revolutionary

GitHub Universe 2018 was low key revolutionary. Executives avoided silverback displays, but the underlying message was clear. Where a previous generation of executive screamed “developers developers developers”, Github simply rolled out its stats, and made the case for developer primacy. GitHub is, quite simply, home for developers. GitHub is where source code lives.

The numbers are increasingly clear cut. GitHub claimed users had increased by 8m in 2018, from 23m to 31m. Without re-litigating the size of the world’s growing software developer population, more and more of it is going to use GitHub. Which of course explains why Microsoft acquired the company, an acquisition that closed the day after Universe finished. It increasingly looks like Microsoft got a bargain. New CEO Nat Friedman was at the event, and low key suits him pretty well. I expect Friedman to accelerate a transformation underway at the firm already – culturally, and in terms of product management discipline.

So let’s talk about product management – at Universe, GitHub nailed it both in terms of Big Ideas, but also incremental delight the developer moments.

Actions Arrives

GitHub Actions feels like a profound launch, one that will prove extremely disruptive in the long term.

Actions allows a developer to write event-driven workflows in whatever programming language they want, which run on containers hosted by GitHub. Being able to run scripts on the platform sounded almost trivial at first listen. But the deeper implications of GitHub as runtime will become clearer over time.

Firstly GitHub is embracing and extending CI/CD. While the firm was keen to avoid the language of CD or pipelines in its use cases out of respect for partners, it was clear GitHub Actions is worrying for partners – most notably CircleCI and TravisCI. Running tests and builds on GitHub itself, is becoming a reality.

In the longer term the disruption Actions will enable will go much further than hosted CI. As our industry has repeatedly demonstrated, platforms that begin by encroaching on dev/test become full blown production environments in their own right over time. We had the VMware pattern, then the AWS pattern, then the Docker pattern, and now the GitHub pattern emerges. Start with dev/test and QA and eventually workloads migrate to the platform. The notion GitHub will become an infrastructure platform involves a degree of extrapolation.

Actions as a Serverless platform

GitHub Actions is effectively a serverless platform. It has the feel of a “Lambda for GitHub”, creating pipelines based on GitHub events and triggers. Actions is an event-driven platform for developer tasks and events, with a command line interface (CLI) but also a graphical workflow model. It feels a bit like Yahoo Pipes meets IFTTT.

Actions lacks a pricing and billing model for now, but it offers some compelling, highly differentiated functionality. Where AWS Lambda was made for short running jobs, GitHub Actions has a different design point – an application build might easily take 20 minutes. Customers will almost certainly happily pay monthly for simple Actions tiers though pricing has yet to be finalised.

One use case that fits the Actions sweet spot is GitOps, where automation is managed using a platform such as GitHub or the aforementioned GitLab or Atlassian. Pull requests trigger updates to pipelines and runtime environments without direct interaction with production, with Git as the system of record. For more on GitOps, this post by Alexis Richardson is well worth a read.

Modern software developers only want to live in 3 environments: their favorite code editor, Slack, and GitHub. Developers want to work in as few environments as possible. If GitHub becomes the place developers default to for automation in development pipelines that has significant implications for AWS, let alone TravisCI. I won’t go into implications for competitors such as Atlassian, Cloudbees and GitLab here – that’s a subject for another post, where we also look at Microsoft portfolio rationalisation between GitHub and the Azure DevOps suite.

So what about future implications of Actions for AWS, Microsoft Azure and GCP Cloud compute platforms? Actions could even pose a threat to the centrality and stickiness of the cloud console, because if developers can drive all their workflows from GitHub they have less need to use the console.

At Jenkins Universe a couple of weeks after Universe Arun Gupta Principal Open Source Technologist at Amazon Web Services pitched his cloud. He talked about the ability to spin up an instance: “just go to the AWS console and click a button”. A few moments later, he said: “never send a human to do a robots job”. But visiting the AWS console and clicking to provision something is very much a robot’s job.

It might seem absurd to position GitHub as an AWS competitor, and for now the competition is certainly not obvious, but there is no denying the potential for GitHub to lessen the primacy of a cloud operator console in favour of Actions scripted in GitHub, triggering actions and deployments across multiple clouds. Indeed, gimmicky though it was, GitHub used its keynote to demonstrate the ability to deploy a workload across multiple clouds.

On that note it was interesting to see the partners and people GitHub had given early access to for demos on day 2 – developer friendly automation was a strong indicator of being invited to the party. Mitchell Hashimoto of Hashicorp, Joe Duffy of Pulumi, Jessie Frazelle of Azure Cloud, Edith Harbaugh and John Kodumal, founders of of Launch Darkly, Mathias Bilmann, Netlify CEO, and Peter Buckley, Manager of Software Automation at Chewy.com.

Shout-out to @PulumiCorp at the GitHub Universe keynote. Deploying cloud apps directly from GitHub using Pulumi is the new hotness. #NewProfilePic

Frazelle really brought out the Unix Pipes-like philosophy underpinning Actions for me – a set of discrete functions for carrying out developer tasks, build binaries, linting, cross compile and so on. An operating system for software development. Jessie suggested that developers shouldn’t do things the way she does, but in fact social coding + Actions is one of the most exciting aspects for future development of the platform. Why wouldn’t people sign up to the @jessfraz way, or the @kelseyhightower deploy, or the @bryanleroux build? One of the problems in a catalog or library is of course finding stuff – which library should I choose? GitHub has actually not leveraged its social graph that broadly in product, but we’d be surprised if we didn’t see things like Actions of the week, or more profiles very much like putting Frazelle on stage at GitHub.

But Actions isn’t going to just be used for DevOps tasks and automation. Developers will start building general purpose apps with it. The serverless story here is interesting. Actions promises to be a disruptive compute model, not edge exactly, but bringing compute closer to the developer. As the GitHub Pattern becomes reality, one can even begin to ask questions about the value of the GitHub brand vs Microsoft Azure itself.

GitHub as deployment platform is an interesting one because I have argued with Heroku folks over the years that eventually Github would start offering compute services. They all told me it would never happen. Then GitHub hired them. And many of them worked on Actions.

I believe we’ll definitely see billable Actions with revenue share, with a payment mechanism for contributors. We’ll even see new startups using Actions as a primary distribution and compute platform. We’ll see folks like Frazelle getting paid for Actions, without even needing to spinup a startup to benefit from their work.]

Delightful moments.

So Actions is the big news, but GitHub still remains adept at introducing incremental features that delight the developer.

Thus Kathy Simpson, senior director of product management, introduced Suggested Changes, allowing suggestions for improvements by the reviewer within the pull request itself. Reviewers no longer need to branch and add a commit, removing the back and forth in a pull request review. Just. Making. Things. Easier.

GitHub also introduced Token Scanning, which scans code for strings that look like security keys or API tokens, helping developers avoid introducing attack vectors into their code. GitHub already did this with its own keys, but now it scans for third party tokens as well. The scanning library was actually written by Intel, which is kind of cool. Another feature with solid security use cases is the Dependency Graph– to help developers better understand the code they rely on, but also other projects that depend on their libraries.

Some of the new stuff had been soft launched, but still fitted the Universe keynotes nicely. I am not a big fan of saving everything up for the once a year big event so a little repetition is fine. GitHub Enterprise unified search based on GitHub Connect should be very useful, allowing an enterprise developer to securely search across public and private repos. Related, Unified Contributions means all comments, reviews and code are recognised on public profiles.

Concluding

So Github has visionary functionality in play, as well a continued focus on important small things. It has an excellent new CEO. I really haven’t got into integrations or otherwise with Azure because that’s probably a subject for another post. But Actions does have the potential to drive a significant amount of compute traffic, and that’s going to need an infrastructure behind it. Microsoft’s acquisition looks exceedingly well timed.